Friday, September 27, 2013

Cisco IOS Software Security Advisories are released on the fourth
Wednesday of the month in March and September of each calendar year. The
publication includes eight Security Advisories that all address vulnerabilities
in Cisco IOS Software. Exploits of the individual vulnerabilities could result
in a denial of service (DoS) condition, interface queue wedge, or a device reload.

Each 2U chassis contains a total of 12 Calxeda EnergyCards connected to a common mainboard
sharing power and fabric connectivity. The Calxeda EnergyCard is a single PCB module containing 4
Calxeda EnergyCore™ SoCs, each with 4GB DDR-3 Registered ECC Memory, 4 x SATA connectors and management interfaces.
.......

MLNX_OFED 2.0 is based on Kernel 3.7, which is a huge leap forward from the 2.6.30 Kernel that 1.5.x is based on.

MLNX_OFED 2.0 supports the operating systems that are based on newer kernels, such as RHEL 6.x and SLES 11 SPx. MLNX_OFED 1.5.x will continue to support operating systems based on older kernels, such as RHEL 5.x and SLES 10 SPx.

Sunday, September 8, 2013

Vulnerability: A non-privileged user who can run jobs or log in to a node running pbs_server or pbs_mom can submit an arbitrary job to the cluster; that job can run as root. The user can submit a command directly to a pbs_mom daemon to queue and run a job. A malicious user could use this vulnerability to remotely execute code as root on the cluster.

Versions Affected: All versions of TORQUE

Mitigating Factors:
- The user must be logged in on a node that is already legitimately able to contact pbs_mom daemons or submit jobs.
- If a user submits a job via this defect and pbs_server is running, pbs_server will kill the job unless job syncing is disabled. It may take up to 45 seconds for pbs_server to kill the job.
- There are no known instances of this vulnerability being exploited.

Remedy: All TORQUE users should patch their systems using the following instructions:

What the Patch Does: The patch checks that the connection to the pbs_mom daemon is coming from a privileged port. This follows the security model that only privileged users should be able to submit arbitrary jobs.

Attribution: This vulnerability was discovered by John Fitzpatrick of MWR InfoSecurity. Matt Ezell of Oak Ridge National Laboratory assisted in creating the patch. We thank these individuals for helping to improve TORQUE.
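The privileged-port check described under "What the Patch Does", sketched in C as an added example; this is not the TORQUE patch or any TORQUE source code, and the names `sockaddr_port_is_privileged`, `peer_is_privileged`, `make_v4_peer` and `PRIV_PORT_LIMIT` are hypothetical. It assumes a daemon that holds an accepted TCP socket and rejects the peer unless its source port is below 1024, failing closed on anything it cannot identify.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define PRIV_PORT_LIMIT 1024 /* only root can normally bind ports below this */

/* Returns 1 if the address carries a privileged source port, else 0. */
int sockaddr_port_is_privileged(const struct sockaddr *sa)
{
    uint16_t port;
    if (sa == NULL)
        return 0;
    if (sa->sa_family == AF_INET)
        port = ntohs(((const struct sockaddr_in *)sa)->sin_port);
    else if (sa->sa_family == AF_INET6)
        port = ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    else
        return 0; /* unknown address family: fail closed */
    return port > 0 && port < PRIV_PORT_LIMIT;
}

/* Check to run on an accepted connection before parsing any request. */
int peer_is_privileged(int fd)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    memset(&ss, 0, sizeof(ss));
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0)
        return 0; /* cannot identify the peer: reject */
    return sockaddr_port_is_privileged((const struct sockaddr *)&ss);
}

/* Constructed sample input: an IPv4 peer address with the given port. */
struct sockaddr_in make_v4_peer(uint16_t port)
{
    struct sockaddr_in a;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    return a;
}

int main(void)
{
    struct sockaddr_in a = make_v4_peer(40000); /* constructed unprivileged peer */
    printf("port 40000 -> %s\n", sockaddr_port_is_privileged((struct sockaddr *)&a) ? "accept" : "reject");
    return 0;
}
```

The check is only as strong as the assumption that root alone can bind low ports on every host allowed to reach the daemon.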